Archer eGRC

SENSITIVE BUT UNCLASSIFIED


SOC Incident Management System 


IMS User Contact:

(b) (7)(E)

Record Permissions Group:

Restrict Access To:

(b) (7)(E)

Record Source:


Contact Details 


Enter the NASA AUID or email address of the Contact, and click "Lookup Contact Details" to automatically 
retrieve the information. 


AUID: 


Email: 


Enter Contact information below if the primary contact is not an IMS user

Contact Last Name:

Contact First Name:

Contact Role:

Contact Office Phone:

Contact E-mail:

Contact Cell Phone:

Contact AUID:

Contact NASA Center:

Contact Building:

Contact Type:

Contact Room Number:


General Details 

SOC Tracking Number: (b)(7)(E)

Categorization: (b) (7)(E)

Incident Time Zone:

Strange voicemail forwarded from Public Affairs Office on the NASA News Media phone number

(b)(7)(E) & (b)(7)(F)

Current Status: (b) (7)(E)

Assigned To: (b) (7)(E)

Date Record Created (UTC):

Title:

Brief Description:

Current Priority: (b) (7)(E)

CUI: 

Ok To Close:

Also Notify:

Notify on Save:


(b) (7)(E) 


US CERT Reporting 

Risk Rating:

Information Impact:

Functional Impact:

Recoverability:

Attack Vectors:

Critical Service or System:

Classified Incident:

Major Incident:

High Value Assets (HVA):

Reportable to Congress:

Observed Activity:

Number of Records Impacted:

Location of Observed Activity:

Number of Systems Impacted:

Actor Characterization

Number of Users Impacted:

Action Taken to Recover:

Number of Files Impacted:


The fields below hold the US-CERT Reporting fields that were in force from October 1, 2015 through March 31, 2017. They are included here for reporting purposes only.

Functional Impact old:

Informational Impacts old:

Recoverability Impact old:


Related Tasks 

Task ID Assigned To Due Date (UTC) Priority Status Description Resolution

No Records Found 


Related Incidents 

Relationship Description:

Select Relationship:

Parent Incident

SOC Tracking Number Current Status 

No Records Found 


Child Incidents 

SOC Tracking Number Current Status

No Records Found

Sibling Incidents

SOC Tracking Number Current Status

No Records Found


Incident Details 

Time Incident Started:

Time Incident Detected: (b) (7)(E)

Center Affected by Incident:

US-CERT Category:

US-CERT Tracking Number:

Resolution Status:

Primary Method used to Identify Incident:

Primary Attack Category:

Primary Vulnerability Type:


Lost or Stolen NASA Equipment Application 

Tracking ID Cause of Loss Type of System Lost 

No Records Found 


Host Information 
NASA Hosts 


Title 


Title 


Title 


Time Incident Started (UTC):

Time Incident Detected (UTC):

Overall Impact (reference): Low

Incident Subcategory:

ESD Ticket #:

Malware Family:

Highest level of access gained:

Lost or Stolen NASA Equipment:

Description of Circumstances

IP Address IPv6 Address Host Name

No Records Found 

External Hosts 

IP Address External IPv6 Address Host Name 

No Records Found 


Campaigns (b) (7)(E) 

Campaign Name:

Campaign Comment:

Reviewed By TVA:

Confirmed By TVA: (b) (7)(E)

Is APT: 


Indicators of Compromise 

(b) (7)(E) 


Root Cause Statement 


Center/Facility 


Position in this attack 
The Root Cause Statement can be constructed from the following fields like so:

"SOURCES source realized CATEGORIES using METHODS exploiting CAUSES (with additional FACTORS) gaining OBJECTIVES."
See the help for the individual fields for more information about what the various values mean and their context.

Root Cause Sources:

Root Cause Categories:

Root Cause Methods:

Root Cause Causes:

Root Cause Factors:

Root Cause Objectives:


Reporting Organizations 


Reporting Organization | Reporting Date (UTC) | Reporting Local Date | Reporting Local Time Zone | Reporting Notes | Reporting Number | Reporting Organization Contact


No Records Found 


Impact of Incident 


NASA Programs, Projects, and/or Operations:

People:

Data (at Rest or Transmission):

System:

Cost:

Sophistication / Nature of Attack:

Number of systems affected by this incident:

Number of NASA Centers/Facilities affected by this incident:

Number of accounts affected by this incident:

Critical Infrastructure Impacted:

Other Impacts:

Overall Impact:



Containment Actions 

Incident Containment System Action:

Incident Containment Network Action:

Recovery Actions

Incident Recovery System Action:

Incident Recovery User Action:


Recommendations 

Root Cause: 

Lessons Learned:


Costs 

Center (Hours): (b) (7)(E)

NASA SOC (Hours):

NASA NOC (Hours):

Other Costs (Hours):

Center (Dollars):

NASA SOC (Dollars):

NASA NOC (Dollars):

Other Costs (Dollars):


Total Costs in Hours and Dollars are automatically calculated as the sum of the individual costs above. Center IR teams or managers should enter 
the Center costs, the NASA SOC Manager should enter the SOC Costs and the NOC Manager should enter the NOC costs, if any, in order to arrive 
at the Total Cost. 


Total Cost (Hours): (b)(7)(E)

Description of Costs:

System Down Time (Days):

Total Cost (Dollars):

(b) (7)(E)

System Down Time (Hours):


Timeline 

Date Record Opened (UTC): (b) (7)(E)

Date Record Contained (UTC):

Date Record Closed (UTC):

Time in Open:

(b) (7)(E)

Date Record Confirmed (UTC): (b) (7)(E)

Date Record Resolved (UTC):

Time in Confirmed: (b) (7)(E)

Time to Confirm:

(b) (7)(E)

Time in Contained:

Time to Contain:

Time in Resolved:

Time to Resolve:

Time in Closed:

Time to Close:

Number of Days to Resolve:


Journal Entries 


Entry 

(b) (7)(E) 


Entry Date 


IMS User 


Attachment(s) 


Name 

(b) (7)(E) 


Size Type Upload Date 


Downloads 


History Log 

View History Log 